diff --git a/openapi.json b/openapi.json
deleted file mode 100644
index cbcf7ec..0000000
--- a/openapi.json
+++ /dev/null
@@ -1,131 +0,0 @@
-{
- "openapi": "3.1.0",
- "info": {
- "title": "TAS — Tea Advanced Security",
- "description": "Security reporting and gating API for Gitea. Upload SARIF reports per repo/branch; get allowed/new_findings for CI gating.",
- "version": "1.0.0"
- },
- "servers": [{ "url": "http://localhost:3000", "description": "Local" }],
- "paths": {
- "/repos/{owner}/{repo}/branches/{branch}/reports": {
- "post": {
- "operationId": "postReposByOwnerByRepoBranchesByBranchReports",
- "description": "Upload a SARIF report for a repository and branch. Replaces any existing report. On non-default branches, compares to baseline and returns allowed/new_findings for CI gating.",
- "request": {
- "params": {
- "owner": {
- "description": "Repository owner (e.g. t.behrendt)",
- "required": true
- },
- "repo": {
- "description": "Repository name (e.g. k_gitea)",
- "required": true
- },
- "branch": { "description": "Branch name", "required": true }
- },
- "body": {
- "content": {
- "application/json": {
- "schema": {
- "type": "object",
- "description": "SARIF 2.1 document with runs[]"
- }
- }
- }
- }
- },
- "responses": {
- "200": {
- "description": "Report stored and (for non-default branch) gating result",
- "content": {
- "application/json": {
- "schema": {
- "type": "object",
- "properties": {
- "allowed": { "type": "boolean" },
- "reason": { "type": "string" },
- "new_critical": { "type": "number" },
- "new_high": { "type": "number" },
- "new_medium": { "type": "number" },
- "new_low": { "type": "number" },
- "new_findings": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "rule_id": { "type": "string" },
- "level": { "type": "string" },
- "message": { "type": "string" },
- "severity": {
- "type": "string",
- "enum": ["CRITICAL", "HIGH", "MEDIUM", "LOW"]
- },
- "artifact_uri": { "type": "string" },
- "region": {
- "type": "object",
- "properties": {
- "start_line": {
- "anyOf": [
- { "type": "number" },
- { "type": "null" }
- ]
- },
- "start_column": {
- "anyOf": [
- { "type": "number" },
- { "type": "null" }
- ]
- }
- },
- "required": ["start_line", "start_column"]
- }
- },
- "required": [
- "rule_id",
- "level",
- "message",
- "severity",
- "artifact_uri",
- "region"
- ]
- }
- }
- },
- "required": [
- "allowed",
- "new_critical",
- "new_high",
- "new_medium",
- "new_low",
- "new_findings"
- ]
- }
- }
- }
- }
- },
- "parameters": [
- {
- "schema": { "type": "string" },
- "in": "path",
- "name": "owner",
- "required": true
- },
- {
- "schema": { "type": "string" },
- "in": "path",
- "name": "repo",
- "required": true
- },
- {
- "schema": { "type": "string" },
- "in": "path",
- "name": "branch",
- "required": true
- }
- ]
- }
- }
- },
- "components": {}
-}
diff --git a/tas-upload-sarif/README.md b/tas-upload-sarif/README.md
index 51e627a..b64e2bd 100644
--- a/tas-upload-sarif/README.md
+++ b/tas-upload-sarif/README.md
@@ -4,33 +4,33 @@ Reusable GitHub Action that uploads a SARIF report to [TAS (Tea Advanced Securit ## Inputs -| Input | Required | Description | -|-------|----------|-------------| -| `tas-base-url` | Yes | Base URL of the TAS API (e.g. `https://tas.example.com`) | -| `sarif-file` | Yes | Path to the SARIF report file (JSON) | -| `owner` | No | Repository owner (default: `github.repository_owner`) | -| `repo` | No | Repository name (default: `github.event.repository.name`) | -| `branch` | No | Branch name (default: `github.ref_name`) | +| Input | Required | Description | +| -------------- | -------- | --------------------------------------------------------- | +| `tas-base-url` | Yes | Base URL of the TAS API (e.g. `https://tas.example.com`) | +| `sarif-file` | Yes | Path to the SARIF report file (JSON) | +| `owner` | No | Repository owner (default: `github.repository_owner`) | +| `repo` | No | Repository name (default: `github.event.repository.name`) | +| `branch` | No | Branch name (default: `github.ref_name`) | ## Usage ```yaml - name: Upload SARIF to TAS and gate - uses: your-org/tas-actions/tas-upload-sarif@v1 + uses: https://gitea.t000-n.de/t.behrendt/tas-actions/tas-upload-sarif@v1 with: - tas-base-url: 'https://tas.example.com' - sarif-file: 'results.sarif' + tas-base-url: "https://tas.example.com" + sarif-file: "results.sarif" ``` With explicit owner/repo/branch (e.g. for monorepos or custom refs): ```yaml -- uses: your-org/tas-actions/tas-upload-sarif@v1 +- uses: [your-org/tas-actions/tas-upload-sarif@v1](https://gitea.t000-n.de/t.behrendt/tas-actions/tas-upload-sarif@v1) with: tas-base-url: ${{ vars.TAS_BASE_URL }} sarif-file: 'scan-output.sarif' - owner: my-org - repo: my-repo + owner: ${{ github.repository_owner}} + repo: ${{ github.event.repository.name }} branch: ${{ github.head_ref }} ```